/*
 * Created on 2006-2-25
 *
 * TODO To change the template for this generated file go to
 * Window - Preferences - Java - Code Style - Code Templates
 */
package com.toyi.security;

import com.toyi.util.SimpleLogger;

/**
 * @author yangbingxp
 * 
 * TODO To change the template for this generated type comment go to Window -
 * Preferences - Java - Code Style - Code Templates
 */
public final class LoginManager {

    /**
     * Authenticate the current user with Database.
     * 
     * The user is considered authenticated successfully if the password is
     * correct and user status is ACTIVE, PASSWORD_EXPIRED or
     * FORCE_PASSWORD_CHANGE.
     * 
     * You need to further check the login status using getLoginStatus() to
     * determine whether the user can proceed to access the application.
     * 
     * @param userID The user's login id.
     * @param encPassword The SHA encrypted password of the user.
     * @return com.bhr.security.UserInfo if the current user has been
     *         authenticated successfully, null otherwise.
     */
    public static UserInfo authenticateUser(String userID, String encPassword) {
        UserInfo userInfo = UserInfoManager.buildUserInfo(userID);

        if (userInfo == null) {
            if (SimpleLogger.isDebugEnabled())
                SimpleLogger
                        .error("com.toyi.security.LoginManager.authenticateUser(String, String): UserInfo is null for userId: "
                                + userID);
            return null;
        }

        String truePassword = userInfo.getPassword();
        if (truePassword == null)
            return null;

        if (!truePassword.equals(encPassword)) {
            return null;
        }
        return userInfo;
    }

}